The search functionality is under construction.
The search functionality is under construction.

On the Detection of Malicious Behaviors against Introspection Using Hardware Architectural Events

Huaizhe ZHOU, Haihe BA, Yongjun WANG, Tie HONG

  • Full Text Views

    0

  • Cite this

Summary :

The arms race between offense and defense in the cloud impels the innovation of techniques for monitoring attacks and unauthorized activities. The promising technique of virtual machine introspection (VMI) becomes prevalent for its tamper-resistant capability. However, some elaborate exploitations are capable of invalidating VMI-based tools by breaking the assumption of a trusted guest kernel. To achieve a more reliable and robust introspection, we introduce a practical approach to monitor and detect attacks that attempt to subvert VMI in this paper. Our approach combines supervised machine learning and hardware architectural events to identify those malicious behaviors which are targeted at VMI techniques. To demonstrate the feasibility, we implement a prototype named HyperMon on the Xen hypervisor. The results of our evaluation show the effectiveness of HyperMon in detecting malicious behaviors with an average accuracy of 90.51% (AUC).

Publication
IEICE TRANSACTIONS on Information Vol.E103-D No.1 pp.177-180
Publication Date
2020/01/01
Publicized
2019/10/09
Online ISSN
1745-1361
DOI
10.1587/transinf.2019EDL8148
Type of Manuscript
LETTER
Category
Artificial Intelligence, Data Mining

Authors

Huaizhe ZHOU
  National University of Defense Technology
Haihe BA
  National University of Defense Technology
Yongjun WANG
  National University of Defense Technology
Tie HONG
  National University of Defense Technology

Keyword